Security News > 2022 > May > Google: Predator spyware infected Android devices using zero-days
In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices.
The government-backed malicious actors who purchased and used these exploits to infect Android targets with spyware are from Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, according to Google's analysis.
"All three campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. The campaigns were limited - in each case, we assess the number of targets was in the tens of users," the Google TAG analysts added.
Spyware implant dropped using Android banking trojan.
In these campaigns, the attackers first installed the Android Alien banking trojan with RAT functionality used to load the Predator Android implant, allowing recording audio, adding CA certificates, and hiding apps.
As Google TAG researchers revealed, Russian-backed government hackers linked to the Russian Foreign Intelligence Service exploited the Safari zero-day to target iOS devices belonging to government officials from western European countries.
News URL
Related news
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Miscreants are exploiting enterprise tech zero days more and more, Google warns (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Zero-day exploitation surged in 2023, Google finds (source)
- Google fixes two Pixel zero-day flaws exploited by forensics firms (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google rolls out new Find My Device network to Android devices (source)
- 'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan (source)